activemq-artemis/examples/jms/jaas
Andy Taylor 4b63891aaa ACTIVEMQ6-67 - cleaned up configuration
https://issues.apache.org/jira/browse/ACTIVEMQ6-67

fixed distribution so that file based security works and hot deployers as broken and no longer needed with new bootstrap.

Also combined the jms and core configuration files.
2015-01-15 15:48:22 +00:00
..
src/main ACTIVEMQ6-67 - cleaned up configuration 2015-01-15 15:48:22 +00:00
pom.xml ActiveMQ6-65 JBoss JMS1.1 -> Geronimo 2.0 spec jar 2015-01-07 19:54:42 +00:00
readme.html ACTIVEMQ6-43(reopened) : Replace License Headers on codebase 2015-01-05 13:14:25 -05:00

readme.html

<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.
-->

<html>
  <head>
    <title>ActiveMQ JAAS Example</title>
    <link rel="stylesheet" type="text/css" href="../common/common.css" />
    <link rel="stylesheet" type="text/css" href="../common/prettify.css" />
    <script type="text/javascript" src="../common/prettify.js"></script>
  </head>
  <body onload="prettyPrint()">
     <h1>JAAS Example</h1>

     <p>This example shows you how to configure ActiveMQ to use JAAS for security.</p>
     <p>ActiveMQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
     
     <p>
         The example will show how to configure ActiveMQ with JAAS in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>
         (You would use <literal>activemq-jboss-beans.xml</literal> if you are running inside JBoss Application
         Server).
         It will use a simple <code>LoginModule</code> without any user interaction.
         The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
         to a queue and receive it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
         of the application code)
     </p>
     <p>Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if
     the activemq-beans.xml is being configured, the example beans file can be found under the <code>src/main/resources</code>
     directory</p>
     <h2>Example setup</h2>
     <p>ActiveMQ can use a JAAS security manager by specifying it in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>:</p>
     <pre class="prettyprint">
             &lt;!-- The security manager using JAAS --&gt;
             &lt;bean name=&quot;ActiveMQSecurityManager&quot; class=&quot;org.apache.activemq.integration.jboss.security.JAASSecurityManager&quot;&gt;
             &lt;property name=&quot;configurationName&quot;&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/property&gt;
             &lt;property name=&quot;configuration&quot;&gt;
             &lt;inject bean=&quot;ExampleConfiguration&quot;/&gt;
             &lt;/property&gt;
             &lt;property name=&quot;callbackHandler&quot;&gt;
             &lt;inject bean=&quot;ExampleCallbackHandler&quot; /&gt;
             &lt;/property&gt;
             &lt;/bean&gt;

             &lt;!-- JAAS uses a simple LoginModule where the user credentials and roles are
             specified as options in the constructor --&gt;
             &lt;bean name=&quot;ExampleConfiguration&quot; class=&quot;org.apache.activemq.jms.example.ExampleConfiguration&quot;&gt;
             &lt;constructor&gt;
             &lt;parameter&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/parameter&gt;
             &lt;parameter&gt;
             &lt;map class=&quot;java.util.HashMap&quot; keyClass=&quot;java.lang.String&quot;
             valueClass=&quot;java.lang.String&quot;&gt;
             &lt;entry&gt;
             &lt;key&gt;user&lt;/key&gt;
             &lt;value&gt;jboss&lt;/value&gt;
             &lt;/entry&gt;
             &lt;entry&gt;
             &lt;key&gt;pass&lt;/key&gt;
             &lt;value&gt;redhat&lt;/value&gt;
             &lt;/entry&gt;
             &lt;entry&gt;
             &lt;key&gt;role&lt;/key&gt;
             &lt;value&gt;guest&lt;/value&gt;
             &lt;/entry&gt;
             &lt;/map&gt;
             &lt;/parameter&gt;
             &lt;/constructor&gt;
             &lt;/bean&gt;

             &lt;!-- the CallbackHandler does nothing as we don&apos;t have any user interaction --&gt;
             &lt;bean name=&quot;ExampleCallbackHandler&quot; class=&quot;org.apache.activemq.jms.example.ExampleCallbackHandler&quot;
             /&gt;
     </pre>
     
     <ul>
        <li>the ActiveMQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
        <li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
           does nothing since the authentication requires no user interaction</li>
        <li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass directly the
           user credentials as options to the <code>ExampleConfiguration</code> constructor. These options will be passed to an instance
           of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
           and it has the role "guest". </li>
     </ul>        

     <h2>Example step-by-step</h2>
     <p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
     <p>The only relevant step with regard to JAAS configuration is step 4 (all the other
        steps are identical to the <a href="../../queue/readme.html">Queue example</a>).
     <ol start="4">
        <li>We create a JMS Connection with user "jboss" and password "redhat". Any other
           combination of name and password won't be valid for the ExampleLoginModule</li>
        <pre class="prettyprint">
           <code>connection = cf.createConnection("jboss", "redhat");</code>
        </pre>  
     </ol>
        
     <h2>More information</h2>
     
     <ul>
         <li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
     </ul>
  </body>
</html>